Application & Web Security Specialist
Dillard’s is seeking an Application & Web Security Specialist to join the Information Security team in Little Rock, Arkansas. This specialist will be responsible for leading the team while serving as a security consultant for Information Technology. You will work with developers to identify security risks within their applications and validate remediation. This role offers the opportunity to build solid relationships throughout the enterprise, with developers and vendors, while learning about the vast number of technologies employed within our organization. The role also includes opportunities to serve in other Security disciplines such as Penetration Testing, Vulnerability Management, and Event Correlation.
ROLES and RESPONSIBILITIES
- Inspect and assess current solutions for Application Security risks.
- Identify security flaws in application code and web configurations, and suggest and oversee remediation.
- Collaborate to create effective SIEM rules and other tools’ alerts to notify staff of application and web threats and correlate across environments.
- Lead the vulnerability practice of scanning code across technology stacks and languages.
- Validate risks and vulnerabilities while rating criticality and urgency.
- Conduct penetration tests on code and web environments after every significant modification.
- Ensure security controls are in compliance with applicable laws, regulations and policies to minimize risk and audit findings.
- Train others in IT on application security concepts and educate developers on risk-based coding, including the OWASP best practices.
- Identify areas where IT processes need to be established or improved.
- Participate in on-call rotation across the Information Security group.
DESIRED QUALIFICATIONS and EXPERIENCE
- Authorization to work in the United States without sponsorship.
- Knowledge of web architectures (WebSphere, Apache, IIS/IHS, CDN, NFS mounts, ESB, Jenkins, OCP), application languages (.NET, Groovy, Java, PHP, BASH, Python, AJAX, Ruby on Rails, REST, XML, SOA, HTML, COBOL), and code repositories (GIT, CVS, etc.).
- Understanding of security threats and solutions for applications.
- Experience analyzing risk in accordance with regulations including PCI, HIPAA, and Sarbanes-Oxley.
- Experience creating processes, procedures and solutions that reduce technical risk and increase operational efficiency.
- Ability to work independently and in teams, while meeting multiple deadlines.
- Strong interpersonal and communication skills with proven decision-making skills.
- Desire to troubleshoot and lead investigations.
- History of and commitment to ethical behavior and ethical full disclosure.
- Background in the following areas: cyber security, intrusion detection/prevention, OS architecture, malicious network traffic identification, malicious code detection/prevention, security auditing, security architecture, security awareness education, databases, identity management, PKI, encryption methods/standards, event correlation, authentication services, advanced incident handling and forensics.
To apply, please submit a PDF of your resume and a PDF of your cover letter answering the following questions.
- Tell us why you’re interested in this position. What are you looking for in a career move?
- Give us your elevator pitch! Why are you a good fit for this position? What skills and abilities do you have that you feel make you qualified?
- We want to ensure we’re on the same page when it comes to compensation. What is your salary expectation (amount required to move forward with your application)? Is it negotiable?
- Our team works in our corporate office in Little Rock, AR. Are you local? If not, are you willing to relocate?